OS X Lion passwords vulnerable

Security blogger Patrick Dunstan first uncovered the problem. Passwords are stored in so-called shadow files, which can only be accessed with the right user password - except that Lion allows users to see all the passwords.

"It appears Directory Services in Lion no longer requires authentication when requesting a password change for the current user. So, in order to change the password of the currently logged in user, simply use: $ dscl localhost -passwd /Search/Users/bob and voilà! You will be prompted to enter a new password without the need to authenticate."

It's only a problem for users who share their machine with others, as the flaw can only be exploited by someone who has local access to the computer and Directory Service access.

"This is particularly dangerous if you are using Apple's new FileVault 2 disk encryption," says Chester Wisniewski of security firm Sophos.

"If your Mac were left unlocked and someone changed your password you would no longer be able to boot your computer and potentially would lose access to all of your data."

He says he's been able to confirm with testers of the next version, OS X 10.7.2, that the flaw still exists in test builds. Presumably Apple's working on an update.